OVHCloud: Anti-DDoS Protection Review | Tech Republic

OVHCloud’s Distributed Denial of Service Protection takes the complexity out of protecting your business from Denial of Service attacks.

Image: sarayut_sy/Adobe Stock

Denial of service attacks are a detrimental problem for any company with a presence on the web. A DoS attack floods an externally facing web service with traffic so that the server and its supporting infrastructure cannot respond to the flood of requests. This flooding blocks legitimate traffic and in many cases causes failures that require administrator action.

Distributed denial of service attacks add an extra element, using a maliciously controlled computer network to launch the attack. Malicious actors create a “botnet” that resembles zombies from horror movies. These machines could be controlled by the malicious entity and used to launch a coordinated DoS attack. Because these attacks originate from hundreds or even thousands of devices around the world, they are difficult to detect and mitigate.

These attacks can use a variety of “attack vectors,” ranging from sophisticated attempts to exploit software vulnerabilities to simply trying to flood your resources with requests so much that they can’t keep up.

SEE: 3 top tips for identifying quality vulnerability intelligence (TechRepublic)

OVHCloud Cloud-Based DDoS Mitigation

Typically, avoiding DDoS attacks requires fairly complex network and application design. The most immediate mitigation — having enough spare network and processing power to fend off a DDoS attack — is also the most expensive. In addition to a solid technical architecture, a combination of firewall appliances capable of performing advanced network analysis and using a content delivery network can help mitigate DDoS attacks, but requires setup and management.

OVHCloud, a hosting and cloud service provider, offers an easier solution with its cloud-based DDoS protection, which comes free with the company’s hosting package.

The OVHCloud solution is based on what the company calls a “VAC,” a collection of physical and virtual routers and servers that the company claims can “sweep” malicious traffic by redirecting it away from an organization’s application and web servers.

The OVHCloud system consists of a series of high-throughput routers that continuously analyze the traffic passing through them to the organization’s servers. When a router detects an attack, additional bandwidth can be deployed to keep servers from being overwhelmed. Less than two minutes after the attack was launched, the router redirected all incoming traffic to the VAC.

This immediately reduces the load on servers and applications, and sends the workload of analyzing all incoming traffic to VAC. VAC takes over, absorbs and analyzes all incoming traffic and passes only legitimate traffic to the organization’s servers.

The VAC will continue to process all traffic for the next 26 hours, after which the attacker may lose patience or move on to easier targets. At this point, the VAC will “stop” and begin passing traffic to the server normally, while resetting in the event of another attack.

How OVHCloud sets itself apart from the competition

Interestingly, OVHCloud offers online gaming specific DDoS configurations. Recognizing the importance of competitive gaming and esports, where sponsorships, prize money, and reputation are all on the line, OVHCloud has customized DDoS protection for popular gaming servers.

SEE: Healthcare turns to gaming to build out its metaverse (TechRepublic)

This protection is customized for several popular gaming and communication platforms, from GTA to Mumble. Routers are configured to cache requests, presumably to provide additional performance for high-stakes esports events.

OVHCloud also offers DDoS protection for all of its hosting options and includes default anti-DDoS policies configured by default.

For users who require more advanced and customizable DDoS protection, OVHCloud includes an application programming interface that allows control and monitoring of DDoS platforms. APIs can be used to notify administrators of events and even adjust DDoS profiles when events occur.

If any user chooses to fail to mitigate an incoming DDoS attack, protection will continue to escalate to keep the application running. This provides a nice balance, allowing users the flexibility to design their DDoS protection while also providing protection from upgrades should their configuration prove inappropriate.

OVHCloud: Powerful and Cost-Effective DDoS Protection

DDoS attacks are difficult to detect and mitigate because they can strike without warning and come from multiple sources with seemingly inconsistent patterns. Devising a comprehensive approach to defend against DDoS can be challenging, even for experienced network and security administrators, and deploying the proper hardware and software can be cost-prohibitive.

OVHCloud allows server administrators to focus on more important things because robust protection has been designed and deployed. The use of Shared VAC technology provides robust protection for applications when needed, effectively “disappearing” when they are no longer running.

Managed service providers often seem interchangeable, with most offering reliable, cost-effective bare-metal or cloud-based hardware at similar prices. Features like OVHCloud include DDoS protection, which can be a tilting factor that differentiates one provider from another. This feature could keep your business-critical applications running while malicious actors try to shut them down.

Leave a Reply

Your email address will not be published. Required fields are marked *